Builds By Luke
All plugins

WordPress Plugin · v1.0.9 · Live on WordPress.org

Upgrade Pilot

Know when a plugin changes hands, gets abandoned, or is closed. Freeze its updates. And check your site survives the next WordPress and PHP upgrade.

  • WordPress 6.2+
  • PHP 7.4+
  • GPLv2+
  • Multisite
  • Read-only

Live on the WordPress.org plugin directory. This page is the plugin’s official home.

Upgrade Pilot icon

WordPress tells you when a plugin has an update. It never tells you who is behind that update.

Plugins get sold. Authors walk away. Maintainers are quietly added to a project. Occasionally a plugin is closed on WordPress.org for a security problem, and the copy on your site keeps running as if nothing happened. In every one of those cases WordPress shows you exactly what it showed you yesterday: nothing. Upgrade Pilot watches the things WordPress does not.

How it works

Two jobs, done properly.

Job one · Update trust

Know who is behind your next update

WordPress tells you a plugin has an update. It never tells you the plugin was sold last week, that someone new just gained commit access, or that it was quietly closed on WordPress.org for a security problem. Upgrade Pilot snapshots the public directory record of every plugin you run, every day, and flags the moment any of that changes.

  • Author changes — the single clearest signal to look before you leap.
  • New contributors — someone new now has commit access to your site.
  • Closed or removed from WordPress.org, with the reason given.

Recent events

SEO Booster Author changed orbit-labs → axis-media-llc Acknowledge
Contact Form Lite Closed on WordPress.org Reason: security Acknowledge
Slider Deluxe Contributor(s) added dev-newcomer Acknowledge

Plugin custody & update freeze

Slider Deluxe 3.4.1 Author: axis-media · 2 contributors Freeze
SEO Booster 5.0.0 Auto-updates held while you review held Unfreeze
The Update Trust screen — provenance events and per-plugin update freeze. Example data shown.

Job two · Upgrade readiness

Know the upgrade will not break the site

Before you move to a new PHP or WordPress version, Upgrade Pilot answers whether it is safe — your server against the requirements WordPress itself reports, every plugin and theme cross-referenced against WordPress.org, and a local scan of your plugins’ PHP code for anything modern PHP removed, down to the file and line.

  • Server checks — PHP, database, memory, extensions, HTTPS — read live from WordPress.
  • Every plugin & theme cross-referenced against its WordPress.org record.
  • A local static scan of your PHP, batched so it never times out.
Ready

Nothing blocks your move to PHP 8.3

Target PHP 8.3 · this server runs 8.1. FACT checks are deterministic; ADVISORY results never block the verdict.

Server environment FACT

PHP version8.1.27 — meets minimum, target 8.3 supported
DatabaseMySQL 8.0 — above requirement
PHP security support8.1 gets security fixes until Dec 2025

Installed plugins vs WordPress.org FACT

Gallery ProNot tested against WordPress 6.6
Legacy CacheRequires PHP 8.3 — above your target

Static PHP compatibility scan ADVISORY
2 possible errors and 5 warnings found (3 suppressed by you). Advisory findings are hints, not verdicts.

The Readiness Report — server checks and the WordPress.org cross-reference. Example data shown.

Read-only, always

Upgrade Pilot never updates, deactivates, installs, or rewrites anything. The one thing it can change is a per-plugin auto-update hold, and only when you click the button yourself.

Honest about certainty

Deterministic results are labelled fact. Static-analysis results are labelled advisory and never drive the verdict on their own, because version-guarded and unreachable code legitimately trigger them.

Nothing sent behind your back

The only thing that leaves your site is a public plugin slug, sent to the same WordPress.org API core already uses. Every outbound request was logged and reconciled against the readme — in both directions.

In the free build

More than you would expect to be free.

  • Per-plugin update freeze

    Hold one plugin’s automatic updates while you decide. Opt-in, never touches core, manual updates always available.

  • Site Health integration

    Readiness surfaced inside WordPress’s own Site Health screen and its status tests.

  • Dashboard summary widget

    The current verdict and any unread trust events, at a glance on wp-admin.

  • Email alerts + daily digest

    Immediate mail for critical events, a daily digest for warnings. Informational events stay in the UI.

  • Weekly re-scan

    A scheduled readiness re-scan runs on its own, on by default — no cron wrangling.

  • WP-CLI

    wp upgrade-pilot scan, status and report — for servers you drive from the terminal.

  • Machine-readable export

    --format=json on the CLI, ungated and unmetered. Pipe the whole report straight into jq.

  • REST endpoint

    GET /wp-json/upgrade-pilot/v1/report for dashboards and fleet tooling, guarded by manage_options.

Free vs Pro

Pro is for when the site belongs to a client.

Every paid tier includes every feature; tiers differ only by how many sites your licence covers. Here is the honest split.

Capability Free Pro
Update-trust monitoring (author, contributors, closures, abandonment)
Upgrade readiness report + static PHP compatibility scan
Per-plugin manual update freeze
Machine-readable export (WP-CLI --format=json + REST)
Runs full on multisite (network storage, network-wide freeze)
Scheduled re-scan Weekly Daily / twice-daily
White-label client report (PDF / print, your name & colour)
Readiness summary emailed to your client, on a schedule
Slack & webhook alerts for update-trust events
Automatic update-hold policies (cooling-off on owner change)
Network Overview — every subsite’s status on one screen
Private email channel with the developer

Pro is a separate download, not an in-place upgrade — activating it switches the free copy off for you, and your settings, scan history and freeze list carry over untouched.

Questions people ask.

Does this plugin block updates?

No, not by default, and never silently. It ships with nothing frozen. When you do freeze a plugin it holds automatic updates for that one plugin only, using WordPress’s standard per-plugin filter — core is never affected, the update still shows on your Plugins screen, and you can install it manually any time. If a frozen plugin is later closed for a security issue, Upgrade Pilot says so loudly and tells you to unfreeze.

Why should I care who owns a plugin?

Because ownership changes are invisible in your dashboard, and they change who can push code to your site. A plugin can be sold, or hand a new maintainer commit access, and the next automatic update arrives looking exactly like every previous one. Upgrade Pilot puts a name and a date on that moment so you can decide whether to let the update through.

Does the scanner send my code anywhere?

No. The code scan runs entirely on your own server, in small time-sliced batches so it never times out on shared hosting. The only thing that ever leaves your site is the public slug of a plugin or theme, sent to the WordPress.org API — the same API WordPress core already queries for its own update checks.

What does "advisory" mean next to a finding?

It means the finding came from reading your code rather than from a definitive fact, and might be a false positive: code behind a version check, a dead branch, or a bundled polyfill can all trigger one. Advisory findings never turn your verdict red on their own, and you can permanently suppress any you have checked.

Does it work on a multisite network?

Yes, in full, for free. Network-activate it and a super admin manages it from the Network Admin menu. Because a network shares one copy of each plugin’s files, it keeps one set of data for the whole network and a freeze holds everywhere. What Pro adds on a network is the Network Overview screen — not multisite itself.

Running WordPress sites you cannot afford to break?

Upgrade Pilot is the preflight check before every update and every version bump. Free, read-only, and built by someone who reads every support thread.